> > > I maintain, that moving lsm hooks into callers is insane. And that's > > > *the* sanest alternative that anybody has been able to come up with to > > > passing down vfsmounts into the vfs. > > > > Not so. I showed how pathname-based security could be done *without* > > passing vfsmounts down at all. Unfortunately, you weren't interested. > > Umm, not sure what you are referring to. Could you please give a > pointer? I'm sure the apparmor developers would be more than > interested in such a scheme, if it does indeed work. Found it: http://lkml.org/lkml/2008/4/9/98 I did not take part in that discussion and could not have been able to contribute anyway. From a cursory read of the thread, the idea was good, but not entirely applicable to apparmor. Or did I miss something? Thanks, Miklos -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
